Skip to main content

Third party independent audit and GRC assessment reports for Microsoft cloud services. Stay up to date on how Microsoft cloud services comply with global standards that matter to your organization.

SOC Reports ISO Reports FedRAMP Assessment Reports Archived Compliance Reports
Service Organization Controls (SOC) Audit assessment reports for Microsoft cloud services.
Azure - Public and Government SOC 1 Type II Report NEW This document details audit assessment performed by a third party independent auditor on Microsoft Azure and Microsoft Azure Government on Azure systems and effectiveness of controls that support SOC 1, SSAE18 objectives and principles for the time period 10-1-16 through 6-30-17. 2017-08-16
Azure - Public and Government SOC 2 Type II Report NEW This document details audit assessment performed by a third party independent auditor on Azure systems, design, and operating effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles, for the period Oct 2016 through June 2017. Also includes CSA STAR attestation. 2017-08-16
Azure - Germany SOC 3 Report NEW Microsoft Azure Germany- SOC 3 reports for Azure and Microsoft Datacenters supporting Microsoft Cloud Services. 2017-08-16
Azure - Azure and Azure Government SOC 3 Report NEW Microsoft Azure - Azure and Azure Government - SOC 3 reports for Azure and Microsoft Datacenters supporting Microsoft Cloud Services. 2017-08-16
Azure - Germany SOC 1 Type II Report - Click-Through NEW This document details audit assessment performed by a third party independent auditor on Microsoft Azure Germany and effectiveness of controls that support SOC 1, SSAE18 objectives and principles. 2017-08-16
Azure - Germany SOC 2 Type II Report NEW This document details audit assessment performed by a third party independent auditor on Azure Germany systems, design, and operating effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles, for the period Oct 2016 through June 2017. Also includes CSA STAR attestation. 2017-08-16
Azure - Germany SOC 3 Audit Report FY17 Azure Germany SOC 3 audit report for Azure Germany cloud systems. 2017-06-23
Azure - Germany SOC 2 Type II Audit Report FY17 This document details audit assessment performed by a third party independent auditor on Azure Germany's systems, design, and operating effectiveness of controls that support SOC 2 security, availability, processing integrity, and confidentiality trust principles. Also Cloud Controls Matrix CCM criteria_CCM, and Cloud Computing Compliance Controls Catalogue_C5, for the period Oct 2016 to March 2017. 2017-06-23
Azure - Germany SOC 1 SSAE 18 Type II Audit Report FY17 This document details the audit assessment performed by a third party independent auditor on Microsoft Azure Germany’s systems and effectiveness of the controls that support SOC 1, SSAE 18, ISAE 3402, and IDW PS 951 objectives. 2017-06-23
Azure - and Azure Government SOC 3 Audit Assessment Report Microsoft Azure - Azure and Azure Government - SOC 3 reports for Azure and Microsoft Datacenters supporting Microsoft Cloud Services. 2017-06-15
Azure - and Azure Government SOC 2 AT 101 Type II Audit Report 2017 This document details audit assessment performed by a third party independent auditor on Azure systems, design, and operating effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles, for the period Oct 2016 to March 2017. 2017-06-09
Azure - and Azure Government SOC 1 SSAE 18 Type II Audit Report 2017 This document details audit assessment performed by a third party independent auditor on Microsoft Azure and Microsoft Azure Government on Azure systems and effectiveness of controls that support SOC 1, SSAE18 objectives and principles for the time period 10-1-16 through 3-31-17. 2017-06-09
Office 365 - Additional Services SSAE18 SOC1 Audit Assessment Report This document details audit assessment performed by a third party independent auditor on Office 365 additional services system and design effectiveness of controls that support SOC 1, SSAE18 objectives and principles. The services of School Data Sync, Outlook Customer Manager, Microsoft Charts, and ObjectStore are part of the overall Microsoft Office 365 Product Suite, and are referred to as "O365 additional Services". 2017-04-30
Office 365 - CollabDB and Griffin SOC 2 AT101 Type 1 Audit Assessment Report This document details audit assessment performed by a third party independent auditor on Office 365 CollabDB and Griffin systems, design effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles. 2017-03-16
Dynamics 365 - For Operations – SOC 1 SSAE 16 Type 1 Report Dynamics 365 for Operations SOC 1 Type 1 report as of February 28, 2017 with customer click-through acceptance. 2017-02-28
Azure - MCIO Combined SOC 1 SSAE 16 Type II and SOC 2 AT 101 Type II Bridge Letter Q1 2017 SOC Bridge letter confirming no material changes to the system of internal control provided by Azure and MCIO that would impact the conclusions reached in the SOC 1 SSAE 16 type II and SOC 2 AT 101 type II audit assessment reports. 2017-02-22
Office 365 - SOC 1 SSAE 16 Type II and SOC 2 AT 101 Type II Bridge Letter Q1 2017 SOC Bridge letter confirming no material changes to the system of internal control provided by Office 365 that would impact the conclusions reached in the SOC 1 SSAE 16 type II and SOC 2 AT 101 type II audit assessment reports. 2017-02-08
Office 365 - SOC 2 AT 101 Type II Audit Assessment Report This document details audit assessment performed by a third party independent auditor on Office 365 systems, design, and operating effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles. 2017-01-13
Office 365 - SOC 1 SSAE 16 Type II Audit Assessment Report This document details audit assessment performed by a third party independent auditor on Office 365 systems, design and operating effectiveness of controls that support SOC 1, SSAE 16, and ISAE 3402 objectives. 2017-01-13
Dynamics 365 - SOC 2 AT 101 Type II Audit Assessment Report Bridge Letter Q4 2016 SOC Bridge letter confirming no material changes to the system of internal control provided by Dynamics 365 that would impact the conclusions reached in the SOC 2 AT 101 type II audit assessment reports. 2016-12-31
Dynamics 365 - SOC 1 SSAE 16 Type II Bridge Letter Q4 2016 SOC Bridge letter confirming no material changes to the system of internal control provided by Dynamics 365 that would impact the conclusions reached in the SOC 1 SSAE 16 type II audit assessment reports. 2016-12-31
Yammer - SOC 2 AT 101 Type II Audit Assessment Report This document details audit assessment performed by a third party independent auditor on Yammer systems, design, and operating effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles. 2016-12-09
Dynamics 365 - SOC 2 AT 101 Type II Audit Assessment Report This document details audit assessment performed by a third party independent auditor on Azure systems, design, and operating effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles. 2016-11-30
Dynamics 365 - SOC 1 SSAE 16 Type II Audit Assessment Report This document details audit assessment performed by a third party independent auditor on Dynamics 365 systems, design and operating effectiveness of controls that support SOC 1, SSAE 16, and ISAE 3402 objectives. 2016-11-30
Office 365 - Customer Lockbox SOC 1 SSAE 16 Type I Report This document details audit assessment performed by a third party independent auditor on Office 365 Customer Lockbox systems, design and operating effectiveness of controls that support SOC 1, SSAE 16, and ISAE 3402 objectives. 2016-11-28
Azure - Azure and Microsoft Datacenters SOC 1 and SOC 2 Type II Bridge Letter Q3 2016 SOC Bridge letter confirming no material changes to the system of internal control provided by Azure that would impact the conclusions reached in the SOC 1 SSAE 16 type II and SOC 2 AT 101 type II audit assessment reports. 2016-11-23
Azure - Azure and Microsoft Datacenters SOC 2 AT 101 Type II Audit Assessment Report 2016 This document details audit assessment performed by a third party independent auditor on Azure systems, design, and operating effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles. 2016-11-04
Azure - Azure and Microsoft Datacenters AT 101 SOC 3 Audit Assessment Report SOC 3 reports for Azure and Microsoft Datacenters supporting Microsoft Cloud Services. 2016-11-04
Azure - Azure and Microsoft Datacenters SOC 1 SSAE 16 Type II Audit Assessment Report This document details audit assessment performed by a third party independent auditor on Azure systems, design and operating effectiveness of controls that support SOC 1, SSAE 16, and ISAE 3402 objectives. 2016-11-04
Yammer - SOC 2 AT 101 Type I Audit Assessment Report This document details audit assessment performed by a third party independent auditor on Yammer systems, design effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles. 2016-01-27
Azure - Opinsights SOC 1 SSAE 16 Type I Audit Assessment Report This document details audit assessment performed by a third party independent auditor on Azure Opinsights's systems, and design effectiveness of controls that support SOC 1, SSAE 16, and ISAE 3402 objectives. 2015-07-15
ISO 27001, ISO 27017, ISO 27018 Standard audit assessment reports for Microsoft cloud services.
Azure - ISO 27018 Certificate of Registration NEW Certificate of Registration for the Protection of PII in Public Clouds 2017-08-17
Azure - ISO 27001 and 27018 Assessment Report 2016 NEW Third party independent audit assessment report for Azure's compliance with ISO standards - 27001 and 27018 requirements - year 2016. 2017-08-17
Azure - FY17 ISO 20000-1 Statement of Applicability NEW This documents details scope of ISO 2000-1 audit assessments for Microsoft's Azure and Azure Data Center Operations. 2017-07-27
Azure - FY17 ISO 27017 Certificate NEW Microsoft Azure - CY17 ISO 27017 Certificate 2017-07-27
Azure - FY17 ISO 27017 Assessment Report NEW Third party independent audit assessment report for Azure's compliance with ISO standards - 27017 requirements - year 2017. 2017-07-27
Azure - Microsoft FY17 ISO 20000-1 Assessment Report NEW Third party independent audit assessment report for Azure's compliance with ISO standards - 20000-1 requirements - year 2017. 2017-07-27
Azure - FY17 ISO 27017 Statement of Applicability NEW This documents details scope of ISO 27001 and ISO 27017 audit assessments for Microsoft's Azure and Azure Data Center Operations. 2017-07-27
Azure - FY17 - ISO 20000-1 Certificate NEW The Azure achievement of ISO 27001 certification demonstrates its commitment to making good on customer promises from a business, security, and compliance standpoint. 2017-07-27
Azure - CY17 ISO 27001 Certificate - IS 577753 This documents details scope of ISO 27001 audit assessments for Microsoft's Azure. 2017-07-20
Azure - ISO 27018 - Code of Practice for Protecting Personal Data in the Cloud -Certificate - PII 665842 Microsoft Azure - CY17 ISO 27018 Certificate - PII 665842 2017-06-16
Azure - ISO 27001 - Information Security Management Standards - Certificate - IS 577753 Azure's achievement of ISO/IEC 27001 certification demonstrates its commitment to making good on customer promises from a business, security, and compliance standpoint. 2017-06-16
Azure - ISO 27001 and ISO 27018 Audit Assessment Report 2017 Third party independent audit assessment report for Azure's compliance with ISO standards - 27001 and 27018 requirements - year 2017. 2017-04-26
Azure - ISO 9001 Assessment Report 2017 Azure's achievement of ISO 9001-2015 certification demonstrates its commitment to Quality Management Systems. ISO 9001-2015 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Quality Management System within the context of the organization's overall business risks. 2017-04-05
Azure - ISO-IEC 9001 Certificate 2017 ISO 9001-2015 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Quality Management System within the context of the organization's overall business risks. This certificate is applicable to the infrastructure, development, security and engineering services, systems, operations and support of Microsoft Azure. 2017-04-05
Office 365 - Global and Germany ISO 27017 - Code of Practice for Information Security Controls - Certificate Office 365 Global and Germany's achievement of ISO-IEC 27017 certification demonstrates its commitment to Information Security controls. 2017-03-30
Office 365 - Germany ISO 27001 ISO 27017 and ISO 27018 Audit Assessment Report Third party independent audit assessment report for Office 365 Germany's compliance with ISO standards requirements for ISO 27001 - Information Security Management Standard, ISO 27017 - Code of Practice for Information Security Controls, and ISO 27018 - Code of Practice for Protecting Personal Data in the Cloud requirements. 2017-03-30
Office 365 - Global and Germany ISO 27018 - Code of Practice for Protecting Personal Data in the Cloud - Certificate Office 365 Global and Germany's achievement of ISO IEC 27018 certification demonstrates that its privacy policies and procedures are robust and in line with its high standards to protect personal data within the cloud. 2017-03-30
Office 365 - Global and Germany ISO 27001 - Information Security Management Standards - Certificate Office 365 Global and Germany - achievement of ISO_IEC 27001 certification demonstrates its commitment to making good on customer promises from a business, security, and compliance standpoint. 2017-03-30
Azure - SO 27001 and ISO 27018 Audit Statement of Applicability (SOA) 2017 This documents details scope of ISO 27001 and ISO 27018 audit assessments for Microsoft's Azure and Azure Data Center Operations. 2017-02-22
Office 365 - Germany ISO 27001 ISO 27017 and ISO 27018 Audit Assessment Report Third party independent audit assessment report for Office 365 Germany's compliance with ISO standards requirements for ISO 27001 - Information Security Management Standard, ISO 27017 - Code of Practice for Information Security Controls, and ISO 27018 - Code of Practice for Protecting Personal Data in the Cloud requirements. 2017-02-14
Azure - Germany ISO 27001 - Information Security Management Standards - Certificate Azure Germany’s achievement of ISO/IEC 27001 certification demonstrates its commitment to making good on customer promises from a business, security, and compliance standpoint. 2017-01-23
Azure - Germany ISO 27018 - Code of Practice for Protecting Personal Data in the Cloud -Certificate Azure Germany’s achievement of ISO/IEC 27018 certification demonstrates that its privacy policies and procedures are robust and in line with its high standards. 2017-01-23
Azure - Microsoft Cloud Infrastructure Operations (MCIO) - ISO 27001 - Information Security Management Standards - Certificate Microsoft Cloud Infrastructure Operation's achievement of ISO/IEC 27001 certification demonstrates its commitment to making good on customer promises from a business, security, and compliance standpoint 2017-01-17
Azure - Microsoft Cloud Infrastructure Operations (MCIO) - ISO 27001 Audit Assessment Report Third party independent audit assessment report for Azure Microsoft Cloud Infrastructure Operation's compliance with ISO 27001 standard. 2017-01-17
Azure - Microsoft Cloud Infrastructure Operations (MCIO) - ISO 27018 Audit Assessment Report Third party independent audit assessment report for Dynamics 365 Parature's compliance with ISO 27018 standard requirements. 2017-01-17
Azure - ISO 27001 and 27018 Statement of Applicability (SOA) This documents details scope of ISO 27001 and ISO 27018 audit assessments for Microsoft's Cloud Infrastructure Operations. 2017-01-17
Azure - Microsoft Cloud Infrastructure Operations (MCIO) - ISO 27018 - Personally Identifiable Information Protection - Certificate Microsoft Cloud Infrastructure Operation's achievement of ISO/IEC 27018 certification demonstrates its commitment to protection personally identifiable information. 2017-01-17
Yammer - ISO 27001 Audit Assessment Report Third party independent audit assessment report for Yammer's compliance with ISO 27001 Standards requirements. 2017-01-13
Dynamics 365 - (formerly Dynamics CRM) ISO 27018 - Personally Identifiable Information Protection - Certificate Dynamics 365’s achievement of ISO/IEC 27018 certification demonstrates its commitment to protection personally identifiable information. 2016-11-17
Dynamics 365 - Microsoft Dynamics Marketing Service (MDM) ISO 27001 - Information Security Management Standards - Certificate Dynamics 365 Microsoft Dynamics Marketing Service’s achievement of ISO/IEC 27001 certification demonstrates its commitment to making good on customer promises from a business, security, and compliance standpoint 2016-11-17
Dynamics 365 - Parature ISO 27018 - Personally Identifiable Information Protection - Certificate Dynamics 365 Parature's achievement of ISO/IEC 27018 certification demonstrates its commitment to protection personally identifiable information. 2016-11-17
Dynamics 365 - (formerly Dynamics CRM) ISO 27018 Audit Assessment Report Third party independent audit assessment report for Dynamics 365's compliance with ISO 27018 Standards requirements. 2016-11-17
Office 365 - Office 365 ISO 27001, ISO 27018, and ISO 27017 Audit Assessment Report Third party independent audit assessment report for Office 365's compliance with ISO standards requirements for ISO 27001 - Information Security Management Standard, ISO 27017 - Code of Practice for Information Security Controls, and ISO 27018 - Code of Practice for Protecting Personal Data in the Cloud requirements. 2016-11-17
Dynamics 365 - Microsoft Dynamics Marketing Service (MDM) ISO 27018 - Personally Identifiable Information Protection - Certificate Dynamics 365 Microsoft Dynamics Marketing Service’s achievement of ISO/IEC 27018 certification demonstrates its commitment to protection personally identifiable information. 2016-11-17
Dynamics 365 - (formerly Dynamics CRM) ISO 27001 - Information Security Management Standards - Certificate Dynamics 365’s achievement of ISO/IEC 27001 certification demonstrates its commitment to making good on customer promises from a business, security, and compliance standpoint. 2016-11-17
Office 365 - Information Security Management System (ISMS) - Statement Of Applicability for Security and Privacy Office 365 ISMS Statement of Applicability defines scope of ISMS in support of ISO standards. 2016-11-17
Dynamics 365 - Microsoft Dynamics Marketing Service (MDM) ISO 27001 and 27018 Audit Assessment Report Third party independent audit assessment report for Dynamics 365 MDM's compliance with ISO standards - 27001 and 27018 requirements. 2016-11-17
Dynamics 365 - Parature ISO 27001 and 27018 Audit Assessment Report Third party independent audit assessment report for Dynamics 365 Parature's compliance with ISO standards - 27001 and 27018 requirements. 2016-11-17
Dynamics 365 - (formerly Dynamics CRM) ISO 27001 Audit Assessment Report Third party independent audit assessment report for Dynamics 365's compliance with ISO 27001 Standards requirements. 2016-11-17
Dynamics 365 - Parature ISO 27001 - Information Security Management Standards - Certificate Dynamics 365 Parature’s achievement of ISO/IEC 27001 certification demonstrates its commitment to making good on customer promises from a business, security, and compliance standpoint 2016-11-17
Dynamics 365 - ISO 27018 Statement of Applicability (SOA) This documents details scope of ISO 27018 audit assessments for Dynamics 365. 2016-11-11
Dynamics 365 - ISO 27001 Statement of Applicability (SOA) This documents details scope of ISO 27001 audit assessments for Dynamics 365. 2016-11-11
Azure - ISO 27018 - Code of Practice for Protecting Personal Data in the Cloud -Certificate Azure’s achievement of ISO/IEC 27018 certification demonstrates that its privacy policies and procedures are robust and in line with its high standards. 2016-11-02
Azure - ISO 27001 - Information Security Management Standards - Certificate Azure’s achievement of ISO/IEC 27001 certification demonstrates its commitment to making good on customer promises from a business, security compliance standpoint. 2016-11-02
Azure - ISO 27001 and 27018 Audit Assessment Report Third party independent audit assessment report for Azure's compliance with ISO standards - 27001 and 27018 requirements. 2016-11-02
Azure - Microsoft Cloud Infrastructure Operations (MCIO) - ISO 27001 - Information Security Management Standards - Certificate Microsoft Cloud Infrastructure Operation's achievement of ISO/IEC 27001 certification demonstrates its commitment to making good on customer promises from a business, security, and compliance standpoint. 2016-11-02
Azure - ISO 27001 and 27018 Statement of Applicability This documents details scope of ISO 27001 and 27018 audit assessments for Azure. 2016-11-02
Azure - ISO 22301 - Business Continuity Management Standard - Certificate Azures achievement of ISO-IEC 22301 certification demonstrates its commitment to Business Continuity Management 2016-09-16
Dynamics 365 - Microsoft Social Engagement Service ISO 27018 - Personally Identifiable Information Protection - Certificate Dynamics 365 Microsoft Social Engagement Service’s achievement of ISO/IEC 27018 certification demonstrates its commitment to protection personally identifiable information. 2016-08-29
Dynamics 365 - Microsoft Social Engagement Service ISO 27001 - Information Security Management Standards - Certificate Dynamics 365 Microsoft Social Engagement Service’s achievement of ISO/IEC 27001 certification demonstrates its commitment to making good on customer promises from a business, security, and compliance standpoint. 2016-08-29
Azure - ISO 22301 - Business Continuity Management Standard - Audit Assessment Report Third party independent audit assessment report for Azure's compliance with ISO 22301 - Business Continuity Management standard requirements. 2016-08-26
Azure - ISO 27017 - Code of practice for information security controls - Certificate Azures achievement of ISO-IEC 27017 certification demonstrates its commitment to Information Security controls. 2016-07-01
Microsoft Cloud - Azure and Power BI ISO 27001 Audit Assessment Certificate Azure’s and Power BI's achievement of ISO/IEC 27001 certification demonstrates its commitment to making good on customer promises from a business, security, compliance standpoint. 2016-03-21
Microsoft Cloud - Azure and Power BI ISO 27018 Audit Assessment Certificate Azure’s achievement of ISO/IEC 27018 certification demonstrates that its privacy policies and procedures are robust and in line with its high standards. 2016-03-21
Yammer - ISO 27018 Audit Assessment Report Third party independent audit assessment report for Yammer's compliance with ISO 27018 standard requirements. 2016-02-02
Office 365 - Information Security Management System (ISMS) Manual The Office 365 Information Security Management System manual demonstrates how O365 Risk Management Program aligns with ISO IEC 270012013 compliant Information Security Management System. Contains herein are mappings and references linking the current policies, procedures, and guidelines along with controls and control activities to relevant ISO IEC 270012013 and ISO IEC 270182014 Control Clauses, Control Objectives, and Controls. 2014-10-30
FedRAMP program and ATO documents for Microsoft cloud services.
Azure - FedRAMP Moderate System Security Plan v3.02 This System Security Plan provides an overview of the security requirements for the Microsoft Azure Cloud Service Platform and describes the controls in place or planned for implementation to provide a level of security appropriate for the information to be transmitted, processed or stored by the system. 2017-06-30
Azure - Microsoft Cloud Infrastructure Operations (MCIO) - also known as GFS - FedRAMP Authorization to Operate (P-ATO) Letter Letter from the Joint Authorization Board (JAB) of the Federal Risk and Authorization Management Program (FedRAMP) that determines that Microsoft Cloud Infrastructure Operations offering meets the information security requirements and is granted FedRAMP Provisional Authorization to Operate (P-ATO). 2016-10-25
Azure - FedRAMP Authorization to Operate (P-ATO) Letter Letter from the Joint Authorization Board (JAB) of the Federal Risk and Authorization Management Program (FedRAMP) that determines that Azure Government offering meets the information security requirements and is granted FedRAMP Provisional Authorization to Operate (P-ATO). 2016-10-25
Governance risk and compliance summary assessment reports for Microsoft cloud services.
Azure - Risk Environment v5.0_005-FINAL NEW Risk Environment for Azure G Cloud ISO 27001 2013 certification. 2017-08-16
Azure - Residual Risk Statement v 5.003 NEW Residual Risk Statement for ISO 27001 2013. 2017-08-16
Azure - Security Assessment Summary 2017 NEW Azure Security Assessment report for Key Vault and Hypervisor. 2017-08-16
Office 365 - Information Security Registered Assessors Program (IRAP) - Statement, Letter, and Report of Compliance 2017 Information Security Registered Assessors Program IRAP - Statement of compliance for Office 365 from Australian Signals Directorate_ASD. As well as Letter and Report of Compliance for Office 365 from 3rd party independent auditors. 2017-06-29
Azure - MCIO Information Security Registered Assessors Program (IRAP) - Letter, and Report of Compliance Information Security Registered Assessors Program IRAP - Letter and Report of Compliance for Microsoft Cloud Infrastructure Operations from 3rd party independent auditors. 2017-06-28
Dynamics 365 - Information Security Registered Assessors Program (IRAP) - Statement, Letter, and Report of Compliance Information Security Registered Assessors Program IRAP - Statement of compliance for Dynamics 365 from Australian Signals Directorate_ASD. As well as Letter and Report of Compliance for Dynamics 365 from 3rd party independent auditors. 2017-06-28
Visual Studio Team Services - Information Security Registered Assessors Program (IRAP) - Letter, and Report of Compliance Information Security Registered Assessors Program IRAP - Letter and Report of Compliance for Microsoft Visual Studio Team Services from 3rd party independent auditors. 2017-06-27
Azure - Information Security Registered Assessors Program (IRAP) - Statement, Letter, and Report of Compliance Information Security Registered Assessors Program IRAP - Statement of compliance for Microsoft Azure from Australian Signals Directorate_ASD. As well as Letter and Report of Compliance for Microsoft Azure from 3rd party independent auditors. 2017-06-27
Azure - Cyber Essentials PLUS Certificate Cyber Essentials is a UK government-backed, industry supported scheme to help organizations protect themselves against common cyber attacks. This certificate demonstrates Azure's compliance with Cyber Essentials Scheme. 2017-05-31
Azure - Attestation of Azure Alignment to the NIST Cybersecurity Framework_NIST CSF Attestation of Azure Alignment to the National Institute of Standards and Technology_NIST Cybersecurity Framework _CSF. 2017-05-19
Azure - Attestation of Compliance with Defense Federal Acquisition Regulation_DFARS Attestation of Compliance with Defense Federal Acquisition Regulation Supplement -DFARS Clause 252.204-7012 2017-05-08
Azure - Payment Card Industry (PCI) - Data Security Standard (DSS) Level 1 v3.2 Attestation of Compliance The Attestation of Compliance is available to customers to show that the a Qualified Security Assessor-QSA, has determined Azure is in compliance with PCI DSS v3.2. Customers who want to develop a cardholder environment or card processing service can leverage the Azure validation in many of the underlying portions, thereby reducing the associated effort and costs of getting their own PCI DSS certification. 2017-03-04
Office 365 - Law on the Protection of Personal Data (LOPD) Audit Assessment Report in Spanish Third party independent audit assessment report demonstrating Office 365's compliance with Spanish Law on the Protection of Personal Data (LOPD). 2017-02-02
Microsoft Cloud - Criminal Justice Information Services (CJIS) Cloud Computing Requirements Mapping This document details the specific requirements of the Federal Bureau of Investigations (FBI) Criminal Justice Information Services (CJIS) security Policy. This document provides guidelines to agencies in implementation of the CJIS requirements alongside their chosen Cloud service providers response. 2017-02-02
Azure - IT Grundschutz Workbook in German This workbook is developed to provide guidance for Azure customer in leveraging solutions and workloads deployed on Microsoft Azure Germany. In German. 2017-01-20
Microsoft Cloud - Spanish Local Data Protection Law Authorization in Spanish Spanish Data Protection Resolution stating that Office 365, Azure, and Dynamics 365 services provide adequate protection to comply with Spanish local Data Protection Laws. 2017-01-17
Azure - Multitier Cloud Security Standard (MTCS) Certificate 2017 Azure's MTCS Certificate validates Azure's compliance with requirements of Multi-Tier Cloud Security Standard. 2016-12-29
Azure - HITRUST CSF Assessment Letter A letter from independent assessor validating HITRUST CSF assessment for Microsoft Azure. 2016-12-16
Dynamics 365 - Multitier Cloud Security Standard (MTCS) Certificate Dynamics 365 MTCS Certificate validates Dynamics 365's compliance with requirements of Multi-Tier Cloud Security Standard. 2016-11-16
Azure - Multitier Cloud Security Standard (MTCS) Certificate Azure MTCS Certificate validates Azure's compliance with requirements of Multi-Tier Cloud Security Standard. 2016-11-16
Azure - Multitier Cloud Security Standard (MTCS) Cloud Service Provider Disclosure This documents details validations as part of MTCS audit assessment performed by third party independent auditor. 2016-11-16
Office 365 - Multitier Cloud Security Standard (MTCS) Certificate Office 365 MTCS Certificate validates Office 365's compliance with requirements of Multi-Tier Cloud Security Standard. 2016-11-16
Office 365 - Multitier Cloud Security Standard (MTCS) Cloud Service Provider Disclosure This documents details validations as part of MTCS audit assessment performed by third party independent auditor. 2016-11-16
Dynamics 365 - Multitier Cloud Security Standard (MTCS) Cloud Service Provider Disclosure This documents details validations as part of MTCS audit assessment performed by third party independent auditor. 2016-11-16
Microsoft Cloud - Azure and Office 365 BIR-2012 Baseline Coverage This document summarizes how Microsoft Office 365 and Azure demonstrates compliance with Baseline Informatiebeveiliging Rjiksdienst standard BIR. 2016-11-04
Microsoft Cloud - Azure and Office 365 NEN7510-2011 Standard Coverage This document summarizes how Microsoft Office 365 and Azure demonstrate compliance with NEN 7510 2016-11-02
Office 365 - UK G-Cloud Risk Environment The intention of this document is to provide G-Cloud users of Microsoft Office 365 with an overview of the risk environment for that service. 2016-10-26
Azure - CDSA Content Protection & Security (CPS) Standard Audit Report The CPS certification provides a standards-based method of assuring our customers and yours that the intellectual property rights of media assets stored, managed, and distributed from within Azure are protected. Furthermore, you can use Azure CPS certification toward your own CPS certification efforts. 2016-10-10
Azure - CDSA Content Protection & Security (CPS) Standard Audit Certificate The Microsoft Azure Media Services CSMS has been validated by the CDSA, awarding Azure Media Services certification to this standard. Furthermore, you can use Azure CPS certification toward your own CPS certification efforts. 2016-10-10
Office 365 - HITRUST Common Security Framework (CSF) Assessment Report Third party independent auditor's HITRUST Common Security Framework (CSF) assessment report for Office 365. 2016-08-05
Azure - Payment Card Industry (PCI) - Data Security Standard (DSS) Level 1 Attestation of Compliance - Add-on The Attestation of Compliance is available to customers to show that the a Qualified Security Assessor (QSA) has determined Azure is in compliance with PCI DSS v3.1. Customers who want to develop a cardholder environment or card processing service can leverage the Azure validation in many of the underlying portions, thereby reducing the associated effort and costs of getting their own PCI DSS certification. 2016-07-11
Azure - Payment Card Industry (PCI) - Data Security Standard (DSS) Level 1 Attestation of Compliance - Core The Attestation of Compliance is available to customers to show that the a Qualified Security Assessor (QSA) has determined Azure is in compliance with PCI DSS v3.1. Customers who want to develop a cardholder environment or card processing service can leverage the Azure validation in many of the underlying portions, thereby reducing the associated effort and costs of getting their own PCI DSS certification. 2016-07-11
Azure - UK G-Cloud Residual Risk Statement The intention of this document is to provide G-Cloud users of Microsoft Azure with an overview of the risk environment and insights into residual risks for that service. 2016-06-14
Azure - Intune UK G-Cloud Risk Environment Updated The intention of this document is to provide G-Cloud users of Microsoft Intune with an overview of the risk environment for that service. 2016-06-14
Azure - UK G-Cloud Security Assessment This report provides the results of the activities performed during penetration test in support of UK G-Cloud objectives and provides records of all security tests conducted. The test procedures included automated and manual system vulnerability testing and were designed to obtain an accurate representation of the security posture of the selected target. 2016-06-14
Azure - Intune UK G-Cloud Residual Risk Statement The intention of this document is to provide G-Cloud users of Microsoft Intune with an overview of the risk environment and insights into residual risks for that service. 2016-06-14
Azure - Intune UK G-Cloud Security Assessment This report provides the results of the activities performed during penetration test in support of UK G-Cloud objectives and provides records of all security tests conducted. The test procedures included automated and manual system vulnerability testing and were designed to obtain an accurate representation of the security posture of the selected target. 2016-06-14
Azure - UK G-Cloud Risk Environment The intention of this document is to provide G-Cloud users of Microsoft Azure with an overview of the risk environment for that service. 2016-06-13
Azure - Certificate of compliance for Spanish Law on the Protection of Personal Data in Spanish Certificate demonstrating Azure's compliance with Spanish Law on the Protection of Personal Data (LOPD). 2016-06-10
Azure - Law on the Protection of Personal Data (LOPD) Audit Assessment Report in Spanish Third party independent audit assessment report demonstrating Azure's compliance with Spanish Law on the Protection of Personal Data (LOPD). 2016-06-10
Office 365 - Certificate of compliance for Spanish Law on the Protection of Personal Data in Spanish Certificate demonstrating Office 365's compliance with Spanish Law on the Protection of Personal Data (LOPD). 2016-06-10
Office 365 - National Security Framework Certificate ENS Office 365 ENS National Security Framework Certificate validates Office 365's compliance with the measures and controls as defined in the "Spanish National Security Framework". 2016-04-06
Office 365 - National Security Framework Certificado ENS (In Spanish) Office 365 ENS National Security Framework Certificate validates Office 365's compliance with the measures and controls as defined in the "Spanish National Security Framework". 2016-04-06
Azure - National Security Framework Certificado ENS (In Spanish) Azure ENS National Security Framework Certificate validates Azure's compliance with the measures and controls as defined in the "Spanish National Security Framework". 2016-04-05
Azure - Payment Card Industry (PCI) - Data Security Standard (DSS) - Statement of Applicability This document details scope of Payment Card Industry (PCI) - Data Security Standard (DSS) audit assessment for Azure. 2016-03-11
Azure - Spanish National Security Framework (ENS) Audit Assessment Report Azure's ENS Audit Assessment report details Azure's compliance with the measures and controls as defined in the "Spanish National Security Framework". 2016-03-10
Office 365 - Spanish National Security Framework (ENS) Audit Assessment Report Office 365's ENS Audit Assessment report details Azure's compliance with the measures and controls as defined in the "Spanish National Security Framework". 2016-03-10
Azure - Informe Auditoria ENS Third party independent audit assessment report that expresses an opinion on the adequacy of Microsoft Azure Cloud Service regarding the measures and controls as defined in the "Spanish National Security Framework" 2016-03-10
Azure - National Security Framework Certificate ENS (In English) Azure ENS National Security Framework Certificate validates Azure's compliance with the measures and controls as defined in the "Spanish National Security Framework". 2016-03-10
Office 365 - Informe Auditoria ENS Third party independent audit assessment report that expresses an opinion on the adequacy of Microsoft Office 365 Cloud Service regarding the measures and controls as defined in the "Spanish National Security Framework" 2016-03-10
Azure - Motion Picture Association of America (MPAA) Application and Cloud Security Guidelines This “Application and Cloud Security Guidelines” document, and its companion “Azure Responses to MPAA Common Guidelines”, provide the framework for evaluating Azure’s capabilities to support secure content workflows in the cloud. The details presented below enable deep insight into core Azure operations and architecture, such as physical security, infrastructure management, privacy policies, business continuity, and more. 2016-03-01
Azure - Intune UK G-Cloud Risk Environment The intention of this document is to provide G-Cloud users of Microsoft Intune with an overview of the risk environment for that service. 2015-05-15
Dynamics 365 - UK G-Cloud Risk Environment The intention of this document is to provide G-Cloud users of Dynamics 365 with an overview of the risk environment for that service. 2015-04-16
Office 365 - Architecture and Audit Reports - Management Summary This document provides an overview of Office 365 architecture and service to enable reader of compliance audit reports issues by various standards bodies to understand how the audit reports for Office 365 and its dependency services are inter-related. 2014-11-07
Azure - Internal Revenue Service (IRS) Safeguard Security Report (SSR) The IRS 1075 Safeguard Security Report (SSR) thoroughly documents how Microsoft services implement the applicable IRS controls, and is based on the FedRAMP packages of Azure. 2014-03-02
Previous versions of audit and compliance assessment reports for Microsoft cloud services.
Yammer - ISO 27001 Audit Assessment Report for Year 2016 Third party independent audit assessment report for Yammer's compliance with ISO 27001 standard requirements for year 2016. 2016-02-02
Office 365 - ISO 27001 and ISO 27018 Audit Assessment Report for Year 2015 Third party independent audit assessment report for Office 365's compliance with ISO standards requirements for ISO 27001 - Information Security Management Standard, ISO 27017 - Code of Practice for Information Security Controls, and ISO 27018 - Code of Practice for Protecting Personal Data in the Cloud requirements - for year 2015. 2015-12-02
Azure - SOC 1 SSAE 16 Type II Audit Assessment Report for Year 2015 This document details year 2015 audit assessment performed by a third party independent auditor on Azure's systems, design and operating effectiveness of controls that support SOC 1, SSAE 16, and ISAE 3402 objectives. 2015-11-25
Office 365 - ISO 27001 and ISO 27018 Statement of Applicability (SOA) for Year 2015 This documents details scope of ISO 27001 and ISO 27018 audit assessments for Office 365 for year 2015. 2015-10-23
Office 365 - SOC 1 SSAE 16 Audit Assessment Report for Year 2015 This document details audit assessment performed by a third party independent auditor on Office 365 systems, design and operating effectiveness of controls that support SOC 1, SSAE 16, and ISAE 3402 objectives - for year 2015. 2015-10-12
Office 365 - SOC 2 AT 101 Type II Audit Assessment Report for Year 2015 This document details year 2015 audit assessment performed by a third party independent auditor on Office 365's systems, design, and operating effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles. 2015-10-12
Azure - Microsoft Cloud Infrastructure Operations (MCIO) - SOC 1 SSAE 16 Type II Audit Assessment Report Year 2015 This document details year 2015 audit assessment performed by a third party independent auditor on Azure's Microsoft Cloud Infrastructure Operation's systems, design and operating effectiveness of controls that support SOC 1, SSAE 16, and ISAE 3402 objectives. 2015-09-02
Azure - Microsoft Cloud Infrastructure Operations (MCIO) - SOC 3 Type II Audit Assessment Report for Year 2015 SOC 3 reports for Microsoft Cloud Infrastructure Operations supporting Microsoft Cloud Services. 2015-09-02
Azure - Microsoft Cloud Infrastructure Operations (MCIO) - SOC 2 AT 101 Type II Audit Assessment Report for Year 2015 This document details year 2015 audit assessment performed by a third party independent auditor on Microsoft Cloud Infrastructure Operation's systems, design, and operating effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles. 2015-09-02
Azure - CDSA Content Protection & Security (CPS) Standard Audit Certificate for Year 2016 The Microsoft Azure Media Services CSMS has been validated by the CDSA, awarding Azure Media Services certification to this standard. Furthermore, you can use Azure CPS certification toward your own CPS certification efforts. This is report for year 2016. 2015-09-01
Dynamics 365 - SOC 2 AT 101 Type II Audit Assessment Report for year 2015 This document details year 2015 audit assessment performed by a third party independent auditor on Dynamics 365's systems, design, and operating effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles. 2015-08-28
Dynamics 365 - SOC 1 SSAE 16 Audit Assessment Report for Year 2015 This document details year 2015 audit assessment performed by a third party independent auditor on Dynamics 365 systems, design and operating effectiveness of controls that support SOC 1, SSAE 16, and ISAE 3402 objectives. 2015-08-28
Azure - ISO 27001 Audit Assessment Report for Year 2015 Third party independent year 2015 audit assessment report for Azure's compliance with ISO 27001 standard requirements. 2015-08-28
Azure - SOC 2 AT 101 Type II Audit Assessment Report for Year 2015 This document details year 2015 audit assessment performed by a third party independent auditor on Azure's systems, design, and operating effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles. 2015-07-31
Azure - SOC 3 Type II Audit Assessment Report for Year 2015 SOC 3 report for Azure Cloud Services for year 2015. 2015-07-31
Office 365 - Information Security Management System (ISMS) - Statement Of Applicability for Security and Privacy for Year 2014 Office 365 ISMS Statement of Applicability defines scope of ISMS in support of ISO standards for year 2014. 2015-06-28
Azure - Microsoft Cloud Infrastructure Operations (MCIO) - ISO 27001_2005 - Audit Assessment Report for Year 2015 Third party independent year 2015 audit assessment report for Azure's compliance with ISO 27001_2005 Standards requirements. 2015-05-06
Azure - Microsoft Cloud Infrastructure Operations (MCIO) - ISO 27001_2013 - Audit Assessment Report for Year 2015 Third party independent audit assessment report for Microsoft Cloud Infrastructure Operation's compliance with ISO 27001 Standards requirements - for year 2015. 2015-05-04
Office 365 - Information Security Registered Assessors Program (IRAP) - Statement of Compliance Office 365 Information Security Registered Assessors Program (IRAP) - Statement of Compliance for Office 365 from Australian Signals Directorate (ASD). 2015-04-20
Azure - Microsoft Cloud Infrastructure Operations (MCIO) - ISO 27001 Statement of Applicability (SOA) for Year 2015 This documents details scope of Year 2015 ISO 27001 audit assessments for Microsoft's Cloud Infrastructure Operations. 2015-04-13
Office 365 - Information Security Registered Assessors Program (IRAP) - Report of Compliance Third party independent auditor's assessment report on IRAP compliance for Office 365 2015-03-31
Office 365 - Information Security Registered Assessors Program (IRAP) - Letter of Compliance Third party independent auditor's assessment letter of IRAP compliance for Office 365 2015-03-02
Yammer - ISO 27001 Audit Assessment Report Year 2015 Third party independent year 2015 audit assessment report for Yammer's compliance with ISO 27001 standard requirements. 2015-01-09
Dynamics 365 - ISO 27001 Audit Assessment Report for Year 2014 Third party independent year 2014 audit assessment report for Dynamics 365's compliance with ISO 27001 standard requirements. 2014-12-17
Office 365 - ISO 27001 and 27018 Audit Assessment Report Third party independent audit assessment report for Office 365's compliance with ISO standards - 27001 and 27018 requirements - for year 2014. 2014-11-07
Office 365 - SOC 1 SSAE 16 Type II Audit Assessment Report for Year 2014 This document details year 2014 audit assessment performed by a third party independent auditor on Office 365 systems, design and operating effectiveness of controls that support SOC 1, SSAE 16, and ISAE 3402 objectives. 2014-06-30
Office 365 - SOC 2 AT 101 Type II Audit Assessment Report for Year 2014 This document details year 2014 audit assessment performed by a third party independent auditor on Office systems, design, and operating effectiveness of controls that support SOC 2, AT 101, AICPA Trust Service objectives and principles. 2014-06-20